The GDPR “Right to be Forgotten” does not require your organization to delete customer data. Here is why…
The “Right to be Forgotten” (RTBF) was proposed over 2 decades ago. It’s intention is to allow data subjects to “…determine the development of their life without perpetually or periodically stigmatized as a consequence of a specific action performed in the past”*. RTBF is the most pressing, complex and costly IT project for achieving GDPR compliance.
SecuPi GDPR platform enables to comply with RTBF across your organization with a fraction of the resources, time and cost, and without physical erasure!
It deploys an overlay on data flows and processes, to logically erase customers who have asked to be forgotten, complying with both GDPR and decade-long retention periods required by tax and legal.
This is how it works in a nutshell:
SecuPi uses an overlay on business applications to discover, monitor and control all personal data-flows and processes.
When customers ask to be forgotten (during the retention period), SecuPi applies ‘Logical Erasure’ policy centrally across all data-flows and processes, erasing access to these customers without actually deleting the customer’s records in the databases. It makes personal data inaccessible to all, except authorized users (e.g., the DPO) or tax/legal processes. Logical erasure can be applied to a variety of environments, including production and non-production environments.
SecuPi also offers a ‘Physical Erasure and Anonymization (PEA)’ solution to completely delete client personal data identifier fields of data at-rest (in the various data stores).
The unique SecuPi Logical Erasure enables to comply with RTBF while simultaneously complying with tax and legal requirements and with fraction of the resources, time and cost.
Since the purpose of RTBF is to avoid stigmatizing data subjects based on their past, logical erasure will make data inaccessible and customers will not be able to be stigmatized.
Legal experts view SecuPi solutions as an adequate alternative to complete record erasure because those risks to data subjects are minimized. Personal data is rendered persistently inaccessible and/or unintelligible.
If you’d like to get more details on our unique solution, contact us at firstname.lastname@example.org.
*Mantelero, Alessandro (2013). “The EU Proposal for a General Data Protection Regulation and the roots of the ‘right to be forgotten'”. Computer Law & Security Review. 29 (3): 229–23f5. doi:10.1016/j.clsr.2013.03.010